
Session validation

I have a question: what is the best way to validate a user session?
I already know the code to check it, but currently I have to copy the method into every page's controller.

Is there any better way to solve it? So that I just create a function and then every page will automatically be validated by that function without calling the function (putting the function in the controller)? Or using something like an interceptor (if yes, please tell me how to use it)?

Can you describe what you mean by validate session? Are you trying to validate that a user exists and has permission to access the page? If so, Spring Security will do that in its core filters which is outside of the controller.

Comment

Yes, something like that; actually it's only a simple thing. For example, is the session expired? Or does the session exist?
Currently I'm using a database to validate; that's why I need a function that is created by me to validate. Is it possible to use an interceptor? If so, could you tell me how to use it?

Thanks

Comment

I'm not sure I understand. Usually the session existing/expiration is managed by the Container (i.e. Tomcat). If that session is expired or does not exist then Spring Security will not have an authenticated Authentication in the SecurityContextHolder. This means you should not have to inspect a database to determine if the session exists/is expired under most circumstances. Do you have custom session management needs?

Comment

I managed to follow your suggestion by using a filter and it works.
However, I faced a problem: if the session is already null then my filter will automatically redirect the page to the login page, but here is the funny thing: why is my current page's controller or submit code still executed?

Do you know how to stop the process if the session is null in the filter? Actually the redirect is working already, but when I debug, the current page's controller is still executed.

Thanks

Comment

This is a bit outside of the scope of Spring Security, but it is probably because you are executing filterChain.doFilter. If you do not call this it will probably fix your problem. If you have any problems specific to Spring Security feel free to post them. If it is a general Java or J2EE question another forum is recommended (i.e. stackoverflow).
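
The filter behaviour discussed in this thread, as an added example that is not part of the original posts: a servlet filter that redirects when there is no valid session and returns without calling `filterChain.doFilter`, so the controller is never reached. The class name, the `/login` path and the `user` session attribute are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter; class name, "/login" path and "user" attribute are assumptions.
public class SessionCheckFilter implements Filter {

    private static final String LOGIN_PATH = "/login"; // assumed login URL

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Let the login page itself through, otherwise the redirect loops forever.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (path.equals(LOGIN_PATH)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) returns null instead of creating a fresh session.
        HttpSession session = request.getSession(false);
        boolean valid = session != null && session.getAttribute("user") != null;

        if (!valid) {
            // sendRedirect only sets the status and Location header; it does not
            // end this method. Without the return, execution falls through to
            // chain.doFilter and the controller or submit handler still runs.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }

        // Session is valid: continue to the next filter and then the controller.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```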